As a media company, Dow Jones is used to reporting on companies that have had data breaches; now it has found itself a victim of one. Today, Dow Jones admitted to being the victim of a data breach, though the impact of the breach is not all that widespread.
Dow Jones is a division of News Corp and is the publisher of the Wall Street Journal, MarketWatch and Barron's, among its well-known media properties.
Dow Jones did not discover the breach on its own; rather, law enforcement first alerted the company in July that some form of unauthorized access occurred. At this point, Dow Jones is estimating that the unauthorized access occurred between August 2012 and July 2015.
According to the information that law enforcement told Dow Jones, the attack was likely part of a broader campaign that involves other organizations. Dow Jones did not identify those other organizations, but it did identify what information at Dow Jones the attackers were after.
"It appears the goal of these hackers was to obtain customer contact information in order to send fraudulent solicitations," the company said in an FAQ on the incident.
That said, it appears as though attackers were also after payment card information as part of the attack, though the scope is small. According to Dow Jones, payment card and contact information on fewer than 3,500 individuals was likely accessed in the breach. To date, the company notes, it is unaware of any fraud as a result of the data breach.
For impacted users, Dow Jones is offering free identity protection services to help mitigate any potential risk. It is not, however, recommending that users in general update their account passwords for Dow Jones services.
"Because customer passwords were encrypted, we do not believe it is necessary to change your password," the company stated.
Beyond that, Dow Jones is providing some common best practices for user hygiene to help them stay safe in the wake of the data breach.
"In general it is important to safeguard your personal information," William Lewis, CEO of Dow Jones, wrote in a letter to customers. "Some easy steps you can take include watching for possible phishing attacks (suspicious emails enticing you to click on attachments or links), avoiding calls or emails from unknown sources that solicit your personal information and using trusted security software that is set to update automatically."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.